Fear and Loathing in Cyberspace--the Computer Underground comes to Las Vegas.


                          T.J. Barrett


July 22-24, 1994.  Las Vegas plays host to DEFCON II,  a  conven-
tion  unlike  any other.  DEFCON bills itself as a convention for
the "underground"  elements  of  the  computer  culture--hackers,
phreaks,  hammies,  virii coders, programmers (ah, here's where I
fit in!), crackers, cyberpunk wannabees, civil liberties  groups,
cypherpunks,  futurists, artists, etc.  It should be an interest-
ing time!


                                *


Friday night, July 22nd.  As I  enter  the  convention  hall  I'm
struck  by  the  massive disorganization.  While registration was
fairly easy, all of the night's speakers  have  had  to  bow  out
leaving a room full of drunken conference participants witnessing
what can only be described as a cross between anarchy  and  stand
up  comedy.   Speakers  named  "Novacaine" and "Pinky" tell jokes
about PC's.  "How do you crash a PC?"--  "hit  the  return  key."
"how do you turn your 486 into an 8088?"--"type 'win' and hit re-
turn."  We learn that there is a pizza server that will allow you
to   construct   your   own   pizza--simply  send  a  message  to
pizza@ecst.csuchico.edu with the subject "pizza help".
        Finally Ron Butcher helps to organize an  impromptu  talk
on UNIX security--Peter Shipley of DNA (Direct Network Access, an
Internet Service Provider) speaks for about an hour on setting up
a  public access UNIX site--the economic and technical considera-
tions, etc.
        Peter has quite a following--when he leaves  a  bunch  of
people follow him into the bar, actually the Casbar Lounge in the
Sahara Hotel, which tonight is featuring  Sonny  Charles'  Check-
mates.   We  get  carded--a novel experience for me since I'm 36,
but some of those with us may not yet be 21.  Finally we're seat-
ed  and  have a chance to talk and drink for about 5 minutes when
Sonny and his band come onstage.  Now we're reduced to yelling at
each other about bugs in various versions of UNIX while musicians
far older than myself strut around the stage trying to look  like
teenagers,  and  doing barely recognizable versions of songs like
"Mustang Sally".  A very surreal experience.   I  suck  down  two
vodka and tonics and split.


                                *


"How many Feds does it take to screw  in  a  lightbulb?"   "None,
they're not afraid of the dark."


Saturday July 23rd.  Back at the Sahara I've arrived a bit  early
for the convention's keynote speech, featuring Phil Zimmerman au-
thor of PGP (Pretty Good Privacy, a strong public key  encryption
system for use by "the masses").  Phil is highly regarded by this
audience--he has made it possible  for  them  to  preserve  their
privacy  in  a  world that is becoming increasingly public.  Phil
tells us several rather amazing stories, such as the case of Bur-
mese  opposition groups being trained to use PGP in jungle train-
ing camps (Burma is a notoriously repressive regime) or  the  use
of PGP by an individual documenting atrocities in a central amer-
ican country.  An audience member reminds us not to send encrypt-
ed  messages to Sarajevo or Zagreb--the mere receipt of such mes-
sages is taken as evidence of  criminal  or  subversive  activity
there.   Phil  notes that the United States government treats its
peacetime civilians in much the same way governments in the form-
er  Yugoslavia  treat  people with regard to encryption.  This is
not good.  Nevertheless he ends on an optimistic note, telling us
that  "it  is  possible to make progress for seemingly impossible
objectives", in this case reclaiming our rights from the  govern-
ment.
        Next up is Gail Thackeray,  Deputy  County  Attorney  for
Maricopa  County in Arizona, one of those who participated in the
notorious  hacker  crackdown  "Operation  Sundevil".   Her  basic
thesis  is  that it is important for the government to retain its
right to wiretap in order to solve crimes--she presents a  number
of  worst case scenarios, mostly involving terrorists and nuclear
weapons, and explains to us in somewhat condescending  terms  why
we need to abdicate our rights to the government.  It particular-
ly bothers me that she treats everyone in the  room  as  if  they
were  "crackers"  since I am not, but in fact work for one of the
Regional Bell Operating Companies.  Later I hear one of the audi-
ence  members  talking  about Ms. Thackeray, remarking on how she
felt perfectly free to use "doomsday" scenarios for her  side  of
the  argument, but dismissed any, such as the emergence of a cor-
rupt, fascist government in the United States, on the other side.
        Another lawyer followed, and  then  the  video  "Computer
Warriors" from Mattel, which D'arc Tangent, the conference organ-
izer, describes as a mind bomb for children.  This is not an  ex-
aggeration.  It is mercifully short.
        Next Judi Clark of the Computer Professionals for  Social
Responsibility, who leads a round table discussion on that organ-
ization and its role in shaping the nature of the  "National  In-
formation  Superhypeway".   She gives a good talk and is well re-
ceived.  Mara Whitney and Karen Coil also speak about CPSR.   Fi-
nally  Marianne of CPSR tells us about "hacker barbe" (pronounced
"barbie").  She reads us about  hacker  barbe  from  Kurt  Hemr's
piece  on  the Internet-- "...my niece can't get enough of Hacker
Barbe's Dream Basement Apartment!  The pink  Sun  workstation  in
the  corner,  the little containers of takeout Szechuan scattered
across the floor, her 'Don't Blame Me, I  Voted  Libertarian'  t-
shirt--it's  on every little girl's Xmas list!" Marianne actually
has a Barbie doll with a Libertarian t-shirt  to  illustrate  the
point--which  is  that the Net is not just for those who have a Y
chromosome.


                                *


Lunch at the "Holy Cow!", a micro-brewery across Las Vegas  Blvd.
from  the Sahara.  I'm with Peter Shipley, his girlfriend Tracey,
Mark Trumpbour, "Rich"--a self  described  "spy"  who  works  for
Chevron,  and  a  couple  folks I don't know.  We drink Raspberry
Wheat Beer out of a huge glass bottle set in a bucket of ice  and
talk about computing.  Tracey shows me Fuckball Tetris--a version
of that game which makes sounds indicative of great gastric  dis-
tress.   It also has a tendency to insult you and cheat.  It is a
must have.  We also discuss the commute from SLO-town  (San  Luis
Obispo,  California)  to  the Bay Area.  I make a note to tune in
97.1 FM next time I'm in SLO.


                                *


Afternoon.  More sessions.  "Theora" leads a panel discussion  on
computer security.  We learn that anonymous remailers don't real-
ly assure you of anonymity, that anon.penet.fi has been  comprom-
ised,  that  PGP  will  do  you  no  good if you use it stupidly.
Perhaps most interesting is Mark Aldrich who tells us about cryp-
tography  as  it  relates to the 2nd and 3rd amendments.  This is
prompted by a bumper sticker he saw--"Fear  the  Government  that
Fears Your Guns".  He substitutes "cryptography" for "guns".  How
does this relate to  the  3rd  amendment,  an  obscure  amendment
prohibiting  the quartering of troops in a citizen's house except
during wartime.  His point--what if  the  soldier  they  want  to
quarter  is an IC?  It doesn't sound so far-fetched to us because
he works his way backwards from being forced to quarter "Robocop"
to  being forced to quarter a single IC--as in Clipper.  Where do
you draw the line?  The audience asks him if  the  2nd  amendment
currently  applies to cryptography-- not an unreasonable question
since the government has put certain encryption  technologies  on
the  controlled  munitions  list,  prohibiting their export.  His
answer--you probably wouldn't get it through the courts.


                                *


"Historically, more people have been killed by  governments  then
criminals."
                                                        --   Phil
Zimmerman


A "cool toy demo" is supposed to be next, but no  cool  toys  ma-
terialize.   Yawn.   Then  Michael Parris of Privacy Electronics,
who tells us, in direct contradiction to Gail Thackeray, that 90%
of today's wiretaps are illegal (he has been told this by law en-
forcement), and he characterizes present day wiretap practices as
"fishing  expeditions".   Illegal  taps  are called "confidential
sources", illegal tapes are saved and bootstrapped in when a war-
rant is issued.  And despite Gail Thackeray's insistence that the
government must have the capability to protect  us  from  terror-
ists, not one Title 3 warrant was pulled for a terrorist investi-
gation between 1989 and 1992.  His  is  a  frightening  message--
that the government cannot be trusted.  I suspect much of the au-
dience already believes this.


                                *


Pirate radio was to have been next but I slip out  and  accompany
Peter over to "Holy Cow!" where I end up at a table with Amy Har-
mon from the Los Angeles Times (who reminds me of Winona Ryder in
"Reality Bites") and three anonymous hackers.  I feel ill at ease
since they all know I work for a Telco, but the  beer  starts  to
flow  and  they  finally start talking--mostly about the Internet
and in particular how to transmit voice over it.  They finally go
off  in  search of someone rumored to have the hardware necessary
to demo this here in Las Vegas.  I head back to the hotel.


                                *


July 24.  I arrive late for Padgett Peterson's  talk  on  viruses
and  anti-virus  measures.   The  scope seems to have expanded so
that much of the talk concerns itself with Internet "insecurity".
He  discusses  a  number  of problems such as port 25 or SMTP at-
tacks, the presence of "Received From" headers in mail  messages,
and  that  tracing  on  the Net is not only possible, it's legal.
The bottom line is that the Internet is not like  a  phone  line,
it's  a  packet switched network in which all of this information
regarding originating nodes must be present in order for  traffic
to flow.  It's as if you got Caller ID without paying for it, but
there's no "*76"!  In essence there is no anonymity on the Inter-
net,  and there really can't be because of it's underlying struc-
ture.  Audience questions  tend  to  be  heavily  virus-oriented.
Most  interesting  is  his claim that every resident virus can be
detected in 11 bytes by stepping through the Interrupt Table.  He
tells  us  that  when he alerted Microsoft to this situation they
said "it was not in their business interest to provide such  pro-
tection".  This does not really surprise the audience.
        Stephen Donnifer follows with a talk  on  micro-power  or
"pirate"  radio.   He's  started  an organization called the Free
Communications Coalition or "the people's" FCC.  His goal  is  to
take  back  the  airwaves as a public forum--they should not just
serve as the voice of corporate america.  In fact his view of the
Internet  is  somewhat  similar--he  believes it to be a powerful
resource because it allows us to communicate without any  govern-
mental  or corporate control.  He is trying to bring this kind of
freedom to the airwaves (eventually  including  television).   He
tells  us  it  will  take  effort.   It  will take "bodies in the
street--government has never been responsive  to  a  well-crafted
dialectic."


                                *


"Congress is bought and paid for by Corporate America.  We  don't
have democracy in this country."
                                                        --
Stephen Donnifer


Winn Schwartau is up now with a talk  on  "information  warfare".
He  recites  a  lengthy litany of our potential vulnerabilities--
malicious code, viruses, sniffers, ESS hacking, chipping  (chang-
ing EPROMS to introduce hardware "trojan horses").  Each of these
could be incredibly effective and  incredibly  dangerous  in  the
hands  of a wealthy individual.  For instance the military relies
on IC's but it doesn't have the resources to test every chip.  He
concludes with perhaps the most frightening technology--Herf Guns
[sp?] which generate incredibly high  levels  of  electromagnetic
radiation  that  will  either crash the target machine (if you're
lucky) or else crash it, erase the disk, and possibly  even  fuse
the  silicon  barriers on the chips!  A typical herf gun is back-
pack sized, costs about $150 to build, and puts out an incredible
16  Megawatts of pulse.  We learn that the United States actually
deployed these type of weapons in bombs against Iraq in 1991--RFI
weapons destroyed the Iraqui air defense system.


                                *


Lunch time.  I go over to the "Holy Cow!" to look for  Peter  and
who  should  I  run  into but my friends Kim Gurwin and Joan Blye
from Detroit.  Kim is a manicurist.  Joan drives a semi.   (Real-
ly!)  I try to explain to them what this conference is about, why
it features a "Spot the Fed" contest, why the conference  program
has  etiquette instructions titled "If you are going to bust any-
one"...  I am not entirely successful--and this is a problem that
we will all face if we hope to have any sort of coherent National
Information Policy--we must assist  those  not  in  computing  or
telecommunications to understand the new world of cyberspace.  It
will not be easy.


                                *


On my return from lunch there is a  lock-picking  demo  going  on
down  in the lobby.  I miss this, or more likely I simply fail to
notice it.  In the conference hall a voice piped  in  from  some-
where  is  demonstrating  social engineering for us, calling room
6340 at the MGM Grand, the room of Tori Welles,  nude  dancer  at
Club  Paradise,  trying  to  get her real name.  He talks his way
past the switchboard but Tori is not there,  only  a  friend  who
won't give out Tori's name.  Score one for common sense.


                                *


"There will always be bugs in the future.  As long as Microsoft's
around, anyway."
                                                        --  "Dead
Addict"


"Dead Addict" presents his vision of two futures for  us  in  the
afternoon--Utopia versus Dystopia.  He starts by telling us about
his current state of disillusionment--"A paranoid person  is  one
who  is  well-informed". He sees the Internet as being a positive
force toward his vision of Utopia, in which  there  is  universal
access to all knowledge, artifacts, works of art-- in which there
are no hidden secrets.  Education becomes not the  assembly  line
practiced  in  today's  factory-model  schools, but an individual
sculpting of each student.  People do the jobs that they like  to
do and hence are more productive.  There are no patents to foster
all of the redundant research that goes in in  today's  world  so
that  whoever  gets  to  the  objective first locks everyone else
out--instead scientists would work together and be far  more  ef-
fective.  His is an idealistic vision.
        His vision of Dystopia is essentially just  an  extension
of life as we know it today.  Restrictions and government regula-
tion are the norm, cookie-cutter education and dull, boring  jobs
are  everyone's  lot,  government  and  corporations are the only
winners.
        Dead Addict's visions of alternative futures seem  to  be
the social equivalents of "1" and "0".


                                *


Dr. Mark Ludwig takes the stage.  He is famous to these people as
a creator and chronicler of computer viruses.  Today he will tell
us "how to get a laugh when the Feds show up at your  door".   He
recommends  that  we cover our assets in offshore bank accounts--
for this he recommends "The Offshore Nestegg Strategy"  available
from  Privacy Reports, Inc., 26a Peel St., Ground Floor, Central,
Hong Kong.  He also emphasizes that we store our computing  tools
and  programs  in encrypted form on a 2G DAT tape and make copies
and store them in several places.  Finally he thinks it would  be
a  good  idea to make friends overseas.  In this way we can "be a
customer" for different governments and shop around.  His message
is well received.

                                *


Analiza T.orquamada is next.  She is from the UK and  is  working
on  a  documentary film entitled "Unauthorised Access".  The film
however is not yet completed so I drift to the back of  the  hall
to  talk  to  Peter and Mark.  It has been an interesting and en-
lightening 3 days.  Peter is reading  the  first  draft  of  this
article--he  suggests that I try to characterize the crowd.  This
is difficult.  There do seem to be some Feds, of course.  A  cou-
ple  of  RBOC people like myself...  Mostly the crowd consists of
young computer-literate males with somewhat questionable  ethics,
and  "novel"  ideas  about the way the world works.  I don't find
that they are, in general, smarter then  other  people--but  they
are  perhaps  more dedicated to their hobby/career and to sharing
information.  But it has been worth it to me to talk to them, and
to meet those few people like Peter and Tracey and Mark and "Dead
Addict" who really are smarter than most of the  crowd.   It  has
been a worthwhile conference because of these people.  I am sorry
to go but I do.  Kim and Joan are waiting for me and I go to meet
them, anticipating a vodka and tonic and a conversation without a
single reference to computers.


                                *


PS--a big "thank you" to the Dark Tangent for  organizing  DEFCON
II.
